Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2645
Views
4
Helpful
7
Replies

Isolated VLAN

Go to solution
ben robin
Level 1
Level 1

‎08-16-2017 01:12 PM - edited ‎03-08-2019 11:46 AM

I would like to set a isolated VLAN on multiple switches (nexus 5548), I would like to create such VLAN so its members can be accessible only from the same VLAN members. the setting is some end devices belonging to the same VLAN in the configuration below:

end-devices---2xswitches===2xswitches----end-devices

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Predrag Jovic
Level 3
Level 3
In response to ben robin

‎08-17-2017 08:55 AM

SVI is needed only in the case that you need to permit traffic from/to devices that are outside your VLAN (for example to be used as default gateway). Devices located in the same VLAN on different switches, if configured correctly, are able to forward traffic to each other. In that sense, "normal" VLAN is isolated from all other hosts outside specific VLAN if SVI is not present and IP address is not assign to it.

I am deliberately ignoring the fact that VLAN can still have attached L3 device to one of its ports that can be used for routing (instead of SVI)...

View solution in original post

7 Replies 7

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎08-16-2017 01:40 PM

Is there a reason you can just create a normal VLAN and place all of those devices into it?

0 Helpful

Go to solution
ben robin
Level 1
Level 1
In response to Philip D'Ath

‎08-16-2017 06:25 PM

A normal VLAN will bereachable through the network, which i dont want.

0 Helpful

Go to solution
Predrag Jovic
Level 3
Level 3
In response to ben robin

‎08-16-2017 09:18 PM

Normal VLAN would be reachable through network only if there is interface VLAN (SVI) with assigned address and no filtering all traffic is configured. If there is no IP address for SVI or no SVI - VLAN can't be accessible. Even if there is SVI with IP address you can still filter all traffic on SVI (in both directions).

There is no difference between "normal" and "private VLAN". Private VLANs have different purpose (devices still can be reachable in private VLANs - depending on configuration just as it is in "normal" VLAN).

Go to solution
ben robin
Level 1
Level 1
In response to Predrag Jovic

‎08-17-2017 04:40 AM

Thanks for answering crni00000, in case if I set up no VLAN interface I am afraid the VLAN wont be reachable for other VLAN members connected to other switches.

0 Helpful

Go to solution
Predrag Jovic
Level 3
Level 3
In response to ben robin

‎08-17-2017 08:55 AM

SVI is needed only in the case that you need to permit traffic from/to devices that are outside your VLAN (for example to be used as default gateway). Devices located in the same VLAN on different switches, if configured correctly, are able to forward traffic to each other. In that sense, "normal" VLAN is isolated from all other hosts outside specific VLAN if SVI is not present and IP address is not assign to it.

I am deliberately ignoring the fact that VLAN can still have attached L3 device to one of its ports that can be used for routing (instead of SVI)...

Go to solution
paul driver
VIP
VIP

‎08-21-2017 03:46 PM

Hello

Do you require these vlan users to access the outside world? if so then a Routed acl (RACL) would be appllicable assigned to the SVI of the Vlan your wish to segragate, otherwise a simple L2 vlan with no L3 interface would be applicable.

 

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
ben robin
Level 1
Level 1
In response to paul driver

‎08-24-2017 12:52 AM

Thank you, I will go with the L2 Vlan solution.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card